Attack Surface Metrics

Software systems are like castles: every entrance and exit must be carefully designed and closely guarded. When software engineers view their system in terms of an "attack surface", they can examine the entry points attackers will try to use to break in. Armed with this metaphor, developers can better understand how security risk fluctuates as they write code. In this study, we examine ways of estimating security risk by analyzing the interconnected web of method calls that go into large software systems, and look for correlations with historical vulnerabilities.
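As an added illustration (not code from the study), the following shows one way a call-graph attack-surface metric can be computed: treat the methods that accept input from outside the trust boundary as entry points, walk the call graph from each, and score every method by how many entry points can reach it and how shallow the shortest call chain is. The call graph, method names and choice of entry points are all constructed here as assumptions for the example.

```python
from collections import deque
# Constructed call graph (caller -> callees); method names are illustrative only.
CALL_GRAPH = {
    "HttpHandler.handle": ["RequestParser.parse", "AuthService.check"],
    "CliMain.main": ["RequestParser.parse", "ConfigLoader.load"],
    "RequestParser.parse": ["StringUtil.unescape", "Validator.validate"],
    "AuthService.check": ["Crypto.verify", "UserStore.lookup"],
    "ConfigLoader.load": ["FileIO.read"],
    "UserStore.lookup": ["FileIO.read"],
    "Validator.validate": ["StringUtil.unescape"],
    "Scheduler.tick": ["FileIO.read"],   # internal timer, not an entry point
    "StringUtil.unescape": [], "Crypto.verify": [], "FileIO.read": [],
}
# Entry points: methods that take input from outside the trust boundary (assumed).
ENTRY_POINTS = ["HttpHandler.handle", "CliMain.main"]

def reachable_from(graph, start):
    """BFS: {method: shortest call depth} for everything reachable from start."""
    depth = {start: 0}
    queue = deque([start])
    while queue:
        caller = queue.popleft()
        for callee in graph.get(caller, []):
            if callee not in depth:          # also guards against cycles
                depth[callee] = depth[caller] + 1
                queue.append(callee)
    return depth

def attack_surface_metrics(graph, entry_points):
    """Per method: number of entry points reaching it and shallowest depth (None if unreached)."""
    metrics = {m: {"entry_count": 0, "min_depth": None} for m in graph}
    for ep in entry_points:
        for method, d in reachable_from(graph, ep).items():
            rec = metrics.setdefault(method, {"entry_count": 0, "min_depth": None})
            rec["entry_count"] += 1
            if rec["min_depth"] is None or d < rec["min_depth"]:
                rec["min_depth"] = d
    return metrics

def rank_by_exposure(metrics):
    """Most exposed first: more reaching entry points, then shallower call depth."""
    def key(item):
        name, rec = item
        return (-rec["entry_count"], rec["min_depth"] if rec["min_depth"] is not None else 1e9, name)
    return [name for name, _ in sorted(metrics.items(), key=key)]

if __name__ == "__main__":
    m = attack_surface_metrics(CALL_GRAPH, ENTRY_POINTS)
    for name in rank_by_exposure(m):
        print(f"{name:22s} entry_points={m[name]['entry_count']} min_depth={m[name]['min_depth']}")
```

Methods with a high entry count and small depth (here the shared request parser) are the ones a review or vulnerability-history comparison would look at first; methods no entry point reaches sit outside the attack surface under this model.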

